package org.overlord.apiman.engine.policies;

import org.apache.commons.codec.binary.Base64;
import org.overlord.apiman.engine.policies.auth.StaticIdentityValidator;
import org.overlord.apiman.engine.policies.config.BasicAuthenticationPolicyConfig;
import org.overlord.apiman.engine.policies.i18n.Messages;
import org.overlord.apiman.rt.engine.async.AsyncResultImpl;
import org.overlord.apiman.rt.engine.async.IAsyncHandler;
import org.overlord.apiman.rt.engine.async.IAsyncResult;
import org.overlord.apiman.rt.engine.beans.PolicyFailure;
import org.overlord.apiman.rt.engine.beans.PolicyFailureType;
import org.overlord.apiman.rt.engine.beans.ServiceRequest;
import org.overlord.apiman.rt.engine.components.IPolicyFailureFactoryComponent;
import org.overlord.apiman.rt.engine.policy.IPolicyChain;
import org.overlord.apiman.rt.engine.policy.IPolicyContext;

/* loaded from: input_file:WEB-INF/lib/apiman-rt-engine-policies-1.0.0-SNAPSHOT.jar:org/overlord/apiman/engine/policies/BasicAuthenticationPolicy.class */
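/**
 * Gateway policy that requires HTTP Basic credentials on an inbound service request.
 *
 * <p>The policy reads the {@code Authorization} header, decodes the Base64 user-pass pair and
 * hands it to the configured identity source. On success the credentials are removed from the
 * request before it continues down the chain, and the authenticated user name can be forwarded
 * in a configurable header. Every other outcome ends in a policy failure carrying a
 * {@code WWW-Authenticate} challenge.
 */
public class BasicAuthenticationPolicy extends AbstractPolicy<BasicAuthenticationPolicyConfig> {
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BASIC_PREFIX = "BASIC ";
    private static final String DEFAULT_REALM = "Service";

    private static final StaticIdentityValidator staticIdentityValidator = new StaticIdentityValidator();

    /**
     * @return the configuration bean class used by this policy
     */
    @Override
    protected Class<BasicAuthenticationPolicyConfig> getConfigClass() {
        return BasicAuthenticationPolicyConfig.class;
    }

    /**
     * Authenticates the request and either continues the chain or fails it.
     *
     * <p>Declared {@code public} in this decompiled listing; the decompiler reports the original
     * modifier as {@code protected}.
     *
     * @param serviceRequest the inbound request whose headers are inspected and rewritten
     * @param iPolicyContext context used to look up the failure factory component
     * @param basicAuthenticationPolicyConfig realm, identity source and forwarding settings
     * @param iPolicyChain chain to continue ({@code doApply}) or to fail ({@code doFailure})
     */
    @Override
    public void doApply(final ServiceRequest serviceRequest, final IPolicyContext iPolicyContext, final BasicAuthenticationPolicyConfig basicAuthenticationPolicyConfig, final IPolicyChain iPolicyChain) {
        final String authHeader = serviceRequest.getHeaders().get(AUTHORIZATION_HEADER);

        // A missing, blank or non-Basic header is answered with a challenge. The scheme is compared
        // with regionMatches(ignoreCase) because String.toUpperCase() depends on the default
        // locale: under a Turkish locale "basic" upper-cases to a dotted capital I and a valid
        // header would be refused.
        if (authHeader == null || authHeader.trim().isEmpty()
                || !authHeader.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            sendAuthResponse(iPolicyContext, iPolicyChain, basicAuthenticationPolicyConfig, FailureCodes.BASIC_AUTH_REQUIRED);
            return;
        }

        try {
            String userPass = new String(Base64.decodeBase64(authHeader.substring(BASIC_PREFIX.length())), "UTF-8");

            // Split on the first colon only, so the password may itself contain colons. A colon at
            // index 0 (empty user name) is not split: the whole string becomes the user name and
            // the password stays null.
            int colon = userPass.indexOf(':');
            final String username;
            String password = null;
            if (colon > 0) {
                username = userPass.substring(0, colon);
                password = userPass.substring(colon + 1);
            } else {
                username = userPass;
            }

            validateCredentials(username, password, iPolicyContext, basicAuthenticationPolicyConfig, new IAsyncHandler<Boolean>() {
                @Override
                public void handle(IAsyncResult<Boolean> iAsyncResult) {
                    if (iAsyncResult.isError()) {
                        iPolicyChain.throwError(iAsyncResult.getError());
                        return;
                    }
                    // Fail closed: only an explicit TRUE authenticates. A null result is treated
                    // as a rejected login instead of raising a NullPointerException on unboxing.
                    if (!Boolean.TRUE.equals(iAsyncResult.getResult())) {
                        BasicAuthenticationPolicy.this.sendAuthResponse(iPolicyContext, iPolicyChain, basicAuthenticationPolicyConfig, FailureCodes.BASIC_AUTH_FAILED);
                        return;
                    }
                    String forwardIdentityHttpHeader = basicAuthenticationPolicyConfig.getForwardIdentityHttpHeader();
                    if (forwardIdentityHttpHeader != null && !forwardIdentityHttpHeader.trim().isEmpty()) {
                        // put() replaces any value the client sent under the same header name.
                        serviceRequest.getHeaders().put(forwardIdentityHttpHeader, username);
                    }
                    // Strip the credentials so they are not passed on with the request.
                    serviceRequest.getHeaders().remove(AUTHORIZATION_HEADER);
                    iPolicyChain.doApply(serviceRequest);
                }
            });
        } catch (Throwable th) {
            // Anything that goes wrong while decoding or validating is reported as a failed login.
            // NOTE(review): if validate2 invokes the handler on the calling thread (not visible
            // here, confirm), an exception thrown from iPolicyChain.doApply also lands in this
            // catch and is reported as BASIC_AUTH_FAILED after the chain has already advanced.
            sendAuthResponse(iPolicyContext, iPolicyChain, basicAuthenticationPolicyConfig, FailureCodes.BASIC_AUTH_FAILED);
        }
    }

    /**
     * Checks the supplied credentials against the configured identity source.
     *
     * <p>Only a static identity source is handled here. When none is configured the handler
     * receives {@code FALSE}, so the request is rejected rather than allowed through.
     *
     * @param username user name taken from the decoded header
     * @param password password taken from the decoded header, or {@code null} if none was sent
     * @param iPolicyContext policy context passed through to the validator
     * @param basicAuthenticationPolicyConfig policy configuration holding the identity source
     * @param iAsyncHandler receives the validation outcome
     */
    private void validateCredentials(String username, String password, IPolicyContext iPolicyContext, BasicAuthenticationPolicyConfig basicAuthenticationPolicyConfig, IAsyncHandler<Boolean> iAsyncHandler) {
        if (basicAuthenticationPolicyConfig.getStaticIdentity() != null) {
            staticIdentityValidator.validate2(username, password, iPolicyContext, basicAuthenticationPolicyConfig.getStaticIdentity(), iAsyncHandler);
        } else {
            iAsyncHandler.handle(AsyncResultImpl.create(Boolean.FALSE));
        }
    }

    /**
     * Fails the chain with an authentication failure that carries a Basic challenge.
     *
     * @param iPolicyContext context used to obtain the {@link IPolicyFailureFactoryComponent}
     * @param iPolicyChain chain on which {@code doFailure} is invoked
     * @param basicAuthenticationPolicyConfig supplies the realm; {@code "Service"} is used when it is blank
     * @param i failure code to report (one of the {@code FailureCodes} constants passed by callers)
     */
    protected void sendAuthResponse(IPolicyContext iPolicyContext, IPolicyChain iPolicyChain, BasicAuthenticationPolicyConfig basicAuthenticationPolicyConfig, int i) {
        PolicyFailure createFailure = ((IPolicyFailureFactoryComponent) iPolicyContext.getComponent(IPolicyFailureFactoryComponent.class)).createFailure(PolicyFailureType.Authentication, i, Messages.i18n.format("BasicAuthenticationPolicy.AuthenticationFailed", new Object[0]));
        String realm = basicAuthenticationPolicyConfig.getRealm();
        if (realm == null || realm.trim().isEmpty()) {
            realm = DEFAULT_REALM;
        }
        // The realm is emitted inside a quoted-string, so a quote or backslash in the configured
        // value has to be escaped or the challenge header is malformed.
        createFailure.getHeaders().put("WWW-Authenticate", String.format("BASIC realm=\"%1$s\"", escapeQuotedString(realm)));
        iPolicyChain.doFailure(createFailure);
    }

    /** Backslash-escapes {@code \} and {@code "} so the value is safe inside an HTTP quoted-string. */
    private static String escapeQuotedString(String value) {
        return value.replace("\\", "\\\\").replace("\"", "\\\"");
    }
}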
